amorgante/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: amorgante:multi-arch-ipa
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
..
compare: amorgante:3.2
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

49 Commits
multi-arch ... 3.2

Author SHA256 Message Date
Denislav Prodanov
af930ae49c Merge pull request '[3.2] update longhorn version to 1.7.3' (#90) from dprodanov/Factory:backport-3.2-main into 3.2 
Reviewed-on: suse-edge/Factory#90
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-03-14 13:08:29 +01:00
Denislav Prodanov
625b0da057 update longhorn version to 1.7.3 
remove accidental push of .idea
 2025-03-14 12:25:54 +02:00
Steven Hardy
17b108ef3d release-manifest: Update metal3 version 
Aligns with latest 0.9.4 version on this branch
 2025-03-13 12:04:28 +00:00
Steven Hardy
d0e1e065a5 metal3-chart: update to 0.9.4 
Aligns with https://github.com/suse-edge/charts/pull/192

(cherry picked from commit 6531575f1b)
 2025-03-13 12:00:39 +00:00
Steven Hardy
1d9ae4aa3d metal3-chart: update to 0.9.3 
Aligns with https://github.com/suse-edge/charts/pull/189

(cherry picked from commit d59f3540a2)
 2025-03-13 11:59:56 +00:00
Steven Hardy
2553da6659 ironic-image: update to 26.1.2.3 
Aligns with https://github.com/suse-edge/charts/pull/189
Also see:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=11

(cherry picked from commit 43c764e69c)
 2025-03-13 11:59:33 +00:00
Nicolas Belouin
3d6c9be9ed Merge pull request '[3.2] Backport workflows for prjconf and meta and fixes for tar_scm' (#78) from nbelouin/Factory:backport-workflows into 3.2 
Reviewed-on: suse-edge/Factory#78
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-25 15:34:57 +01:00
Steven Hardy
e6561f36ed Add metal3 images to ARM allowlist 
We need to ensure these build to enable usage of the metal3 chart on ARM

(cherry picked from commit f61bb1e0e6)

Add ipcalc, crudini and fakeroot for aarch64 build

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit 98c4be017d)
 2025-02-24 16:01:03 +01:00
Nicolas Belouin
fa1da01c29 Fix obsinfo tar issues 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit dccf206a98)
(cherry picked from commit 7f93226cd3)
 2025-02-24 16:00:50 +01:00
Nicolas Belouin
cf3153e074 Sync metadata, revamp PR jobs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit d6d501ad99)
(cherry picked from commit 4d824b71cc)
(cherry picked from commit 0d3c83fca1)
(cherry picked from commit 5a73d61002)
(cherry picked from commit 34687fb5e9)
(cherry picked from commit 4a99805fde)
(cherry picked from commit 331f08255c)
(cherry picked from commit 3dea69443d)
(cherry picked from commit d97e434fce)
(cherry picked from commit 9e41ee25d9)
(cherry picked from commit 8f20b3433e)
 2025-02-24 16:00:18 +01:00
Nicolas Belouin
94d4faf0f9 Add project config to git 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit c86d724e92)
(cherry picked from commit c04b2af72b)
(cherry picked from commit 54e0941879)
(cherry picked from commit a510134ed4)
 2025-02-24 15:59:45 +01:00
Steven Hardy
943fe7cda4 metal3-chart: Update to 0.9.2 
Align with https://github.com/suse-edge/charts/pull/182

(cherry picked from commit 9d97e8a56d)
 2025-02-13 14:26:56 +00:00
Steven Hardy
10757d70e3 ironic-image: update to 26.1.2.2 
Align with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=10
https://github.com/suse-edge/charts/pull/182

Fixes a pod restart caused by the runlogwatch.sh script

(cherry picked from commit b912f9d68a)
 2025-02-13 14:26:37 +00:00
Steven Hardy
74a858e8dc ironic-ipa-downloader-image: remove unused _service entry 
This is hard-coded to x86_64 so won't work for ARM, aligns with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image?linkrev=base&rev=6

(cherry picked from commit 45443d5b5f)
 2025-02-13 14:26:22 +00:00
Steven Hardy
09f0242287 metal3-chart: update to 0.9.1 
Align with https://github.com/suse-edge/charts/pull/173 which
added some fixes to enable deployment on aarch64

(cherry picked from commit 5d20bc38e3)
 2025-02-13 14:25:51 +00:00
Steven Hardy
51ea0c0499 ironic-ipa-downloader-image: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image

(cherry picked from commit e085a97d98)
 2025-02-13 14:25:37 +00:00
Steven Hardy
e4363afaf9 Add ironic-ipa-ramdisk/root.tar.bz2 to lfs 2025-02-13 14:25:21 +00:00
Steven Hardy
4b20cf74d9 ironic-ipa-ramdisk: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-ramdisk

(cherry picked from commit 58c8be887a)
 2025-02-13 14:24:34 +00:00
Steven Hardy
2b4c6c3cce ironic-image: update to 26.1.2.1 
Align with latest 26.1.2.1 version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image

(cherry picked from commit 0d59ad920e)
 2025-02-13 14:24:12 +00:00
Nicolas Belouin
a223185628 Merge pull request 'Import missing package: frr-k8s-image' (#68) from nbelouin/Factory:import-frr-k8s-image-3.2 into 3.2 
Reviewed-on: suse-edge/Factory#68
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-01-17 10:18:39 +01:00
Nicolas Belouin
79dff5fce2 Add package to workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 10:18:03 +01:00
Nicolas Belouin
f7a87ceaf0 Import missing package: frr-k8s-image 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit 5490ffcde2)
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 10:16:00 +01:00
Nicolas Belouin
71e3e0b40a Merge pull request '[3.2] Add an additional tag without the _up suffix to please Rancher for dashboard extensions' (#66) from nbelouin/Factory:add-no-up-tag-extensions-3.2 into 3.2 
Reviewed-on: suse-edge/Factory#66
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
 2025-01-16 15:54:54 +01:00
Nicolas Belouin
4da1ed42d2 Add an additional tag without the _up suffix to please Rancher for dashboard extensions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-16 15:47:55 +01:00
Nicolas Belouin
2ba0efdb93 Merge pull request '[3.2] Use manifest_repo var to allow for release manifest in separate repo' (#64) from nbelouin/Factory:backport-manifest-repo into 3.2 
Reviewed-on: suse-edge/Factory#64
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-01-10 15:15:31 +01:00
Nicolas Belouin
f0ec2699b4 Use manifest_repo var to allow for release manifest in separate repo 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>

(cherry picked from commit 2a993e342e)
 2024-12-23 14:15:00 +01:00
Nicolas Belouin
1390d88af7 IPA ramdisk git LFS fix 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2024-12-23 11:38:00 +01:00
Steven Hardy
9dfaedadf9 release-manifest: Update to Rancher prime 2.10.1 
2.10.1 was released so update to the prime version

(cherry picked from commit cab6fe1bcb)
 2024-12-20 09:40:33 +00:00
Ivo Petrov
81c1b981c2 Backport Release Manifest changes (#61) 
Backports [#60](suse-edge/Factory#60) to 3.2.

Reviewed-on: suse-edge/Factory#61
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-19 12:54:57 +01:00
Ivo Petrov
b71760b245 Backport K8s 1.31.3 release manifest version bump (#59) 
Backports [#58](suse-edge/Factory#58).

Reviewed-on: suse-edge/Factory#59
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-17 09:39:02 +01:00
Ivo Petrov
f5e4126dad Backport elemental dashboard release manifest change to 3.2 (#56) 
Backport: Add missing Elemental dashboard chart ([#55](suse-edge/Factory#55))
Reviewed-on: suse-edge/Factory#56
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-12 11:37:53 +01:00
Atanas Dinov
26e34cc386 [3.2] Bump Upgrade Controller and Release Manifest (#54) 
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Reviewed-on: suse-edge/Factory#54
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-12 09:39:30 +01:00
Jiří Tomášek
af59834eaf Merge pull request '[3.2] Update kubevirt-dashboard-extension-chart to v1.2.1' (#50) from jtomasek/Factory:kubevirt-extension-3.2-bkprt into 3.2 
Reviewed-on: suse-edge/Factory#50
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-06 11:03:10 +01:00
Jiří Tomášek
5ff222b69b Merge pull request '[3.2] Update akri-dashboard-extension-chart to v1.2.1' (#51) from jtomasek/Factory:akri-extension-3.2-bkprt into 3.2 
Reviewed-on: suse-edge/Factory#51
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-06 11:03:01 +01:00
Denislav Prodanov
14b56eabbe Merge pull request '[3.2] Backport rancher-turtles updates' (#47) from steven.hardy/Factory:turtles_3.2 into 3.2 
Reviewed-on: suse-edge/Factory#47
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-06 10:57:08 +01:00
Jiri Tomasek
d91b28fb5b Update akri-dashboard-extension-chart to v1.2.1 
(cherry picked from commit 87c7e1be88)
 2024-12-06 09:54:10 +01:00
Jiri Tomasek
4aa46388cf Update kubevirt-dashboard-extension-chart to v1.2.1 
(cherry picked from commit 568d5d1590)
 2024-12-06 09:52:36 +01:00
Steven Hardy
dfa68ba86e release-manifest: Update rancher-turtles chart 
Fix the rancher-turtles-chart version to align with #44

(cherry picked from commit fbd596290a)
 2024-12-05 17:46:29 +00:00
Steven Hardy
075e2a209c Remove CAPM3/IPAM images 
These are now provided by the rancher registry since #44

Conflicts:
	.obs/workflows.yml

(cherry picked from commit ec6c4745ea)
 2024-12-05 17:45:54 +00:00
Steven Hardy
2928b2076e rancher-turtles-airgap-resources-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10

(cherry picked from commit 856ec2ac8e)
 2024-12-05 17:43:56 +00:00
Steven Hardy
39338dd6ac rancher-turtles-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10

(cherry picked from commit 7721c66ab0)
 2024-12-05 17:43:43 +00:00
Denislav Prodanov
dfc8bb30d9 Merge pull request 'backport into 3.2 fixed versions in eib artifacts' (#43) from dprodanov/Factory:eib-3.2 into 3.2 
Reviewed-on: suse-edge/Factory#43
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-12-04 16:16:35 +01:00
Denislav Prodanov
33f56e8b23 fixed versions in eib artifacts 2024-12-04 17:12:03 +02:00
Steven Hardy
744d04b40a kiwi-builder-image: Align with OBS latest version 
Aligns with the latest fixes in isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10

(cherry picked from commit 8a93aae7c5)
 2024-12-04 12:25:44 +00:00
Denislav Prodanov
5e098df843 Merge pull request 'updated longhorn and neuvector to latest 105 charts' (#39) from dprodanov/Factory:upstream-3.2 into 3.2 
Reviewed-on: suse-edge/Factory#39
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
 2024-11-28 16:23:41 +01:00
Denislav Prodanov
7555048917 updated longhorn and neuvector to latest 105 charts 2024-11-28 17:16:25 +02:00
Denislav Prodanov
e92a50d110 Merge pull request '[3.2 backport] rancher-turtles: Fix issue in 0.4.0 chart' (#37) from steven.hardy/Factory:turtles_fix_3.2 into 3.2 
Reviewed-on: suse-edge/Factory#37
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-11-27 14:08:45 +01:00
Steven Hardy
da2ad77951 rancher-turtles: Fix issue in 0.4.0 chart 
The previous import was based on a pre-merge copy of the following PR
- an issue was discovered during SV validation which required an
additional change to ensure CRDs are created before creating the
ClusterctlConfig CR

https://github.com/suse-edge/charts/pull/166
(cherry picked from commit 636493adba)
 2024-11-27 11:16:59 +00:00
Denislav Prodanov
be4fae4b18 3.2 branching 2024-11-25 15:59:33 +02:00
53 changed files with 1404 additions and 3141 deletions
Expand all files Collapse all files

30
.gitea/workflows/trigger_devel.yaml
View File

@@ -1,30 +0,0 @@
name: Trigger Devel Packages
on:
schedule:
- cron: "@daily"
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:Factory" PROJECT = "isv:SUSE:Edge:3.2"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory" REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "main" BRANCH = "3.2"

1
.obs/render_meta.py
View File

@@ -8,7 +8,6 @@ def render(base_project, subproject, internal, scm_url=None):
context = { context = {
"base_project": subproject == "", "base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(), "title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
} }
if subproject == "ToTest": if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest" context["project"] = f"{base_project}:ToTest"

4
_config
View File

@@ -87,7 +87,6 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif %endif
%endif %endif
@@ -114,9 +113,6 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard" %if "%_repository" == "standard"
# for build openstack-ironic-image # for build openstack-ironic-image
BuildFlags: allowrootforbuild BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif %endif
# Enable reproducible builds # Enable reproducible builds

2
_meta
View File

@@ -47,7 +47,7 @@
{%- if release_project is defined and not for_release %} {%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/> <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %} {%- endif %}
<path project="{{ ironic_base }}:2024.2" repository="15.6"/> <path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/> <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch> <arch>x86_64</arch>
<arch>aarch64</arch> <arch>aarch64</arch>

21
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2 #!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE% #!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
#!BuildVersion: 15.6 #!BuildVersion: 15.6
ARG SLE_VERSION ARG SLE_VERSION
@@ -8,8 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools #!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp WORKDIR /tmp
COPY prepare-efi.sh /bin/ COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -40,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.2" LABEL org.opencontainers.image.version="26.1.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%" LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -82,8 +88,7 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\ cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi fi
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/ COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/ COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

18
ironic-image/apache2-vmedia.conf.j2
View File

@@ -10,17 +10,15 @@ Listen {{ env.VMEDIA_TLS_PORT }}
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }} SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }} SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
<Directory ~ "/shared/html"> <Directory "/shared">
Order deny,allow AllowOverride None
deny from all Require all granted
</Directory> </Directory>
<Directory ~ "/shared/html/(redfish|ilo)/">
Order allow,deny <Directory "/shared/html">
allow from all Options Indexes FollowSymLinks
</Directory> AllowOverride None
<Directory ~ "/shared/html/images/"> Require all granted
Order allow,deny
allow from all
</Directory> </Directory>
</VirtualHost> </VirtualHost>

2
ironic-image/configure-ironic.sh
View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi fi
fi fi
IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}" IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel" export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs" export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh # ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
boot boot

4
ironic-image/ironic.conf.j2
View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should # Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds. # be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160 send_sensor_data_interval = 160
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
verify_step_priority_override = management.clear_job_queue:90 verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database # We don't use this feature, and it creates an additional load on the database
node_history = False node_history = False
@@ -112,7 +112,7 @@ default_boot_option = local
erase_devices_metadata_priority = 10 erase_devices_metadata_priority = 10
erase_devices_priority = 0 erase_devices_priority = 0
http_root = /shared/html/ http_root = /shared/html/
http_url = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }} http_url = {{ env.IRONIC_BOOT_BASE_URL }}
fast_track = {{ env.IRONIC_FAST_TRACK }} fast_track = {{ env.IRONIC_FAST_TRACK }}
{% if env.IRONIC_BOOT_ISO_SOURCE %} {% if env.IRONIC_BOOT_ISO_SOURCE %}
ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }} ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}

51
ironic-image/prepare-efi.sh
View File

@@ -2,26 +2,41 @@
set -euxo pipefail set -euxo pipefail
declare -A efi_arch=( ARCH=$(uname -m)
["x86_64"]="X64" DEST=${2:-/tmp/esp.img}
["aarch64"]="AA64" OS=${1:-sles}
)
for arch in "${!efi_arch[@]}"; do if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
DEST=/tmp/esp-${arch}.img dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

2
ironic-image/runhttpd
View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount # Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp*.img /shared/html/ cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
# Render the core httpd config # Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

14
ironic-ipa-downloader-image/Dockerfile
View File

@@ -8,8 +8,15 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils #!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/ RUN cp /usr/bin/getopt /installroot/
FROM micro AS final FROM micro AS final
@@ -34,9 +41,8 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot / COPY --from=base /installroot /
RUN cp /getopt /usr/bin/ RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user # configure non-root user
COPY configure-nonroot.sh /bin/ COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

68
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,33 +6,12 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY} export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=1
else
CERTS_CHANGED=0
fi
fi
# Which image should we use # Which image should we use
if [ -z "${IPA_BASEURI}" ]; then if [ -z "${IPA_BASEURI}" ]; then
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
if [ "${CERTS_CHANGED:-1}" = "1" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=0
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images mkdir -p /shared/html/images
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else else
FILENAME=ironic-python-agent FILENAME=ironic-python-agent
FILENAME_EXT=.tar FILENAME_EXT=.tar
@@ -46,56 +25,47 @@ else
# If we have a CACHEURL and nothing has yet been downloaded # If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache # get header info from the cache
ls -l ls -l
if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi fi
# Download the most recent version of IPA # Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd "$TMPDIR" cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already # curl didn't download anything because we have the ETag already
# but we don't have it in the images directory # but we don't have it in the images directory
# Its in the cache, go get it # Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
mv /shared/html/images/$FFILENAME.headers . mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME" curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi fi
else else
cd "$TMPDIR" cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
fi fi
if [ -s $FFILENAME ] ; then if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd - cd -
chmod 755 "$TMPDIR" chmod 755 $TMPDIR
mv "$TMPDIR" "$FILENAME-$ETAG" mv $TMPDIR $FILENAME-$ETAG
ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers" ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs" ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel" ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
IMAGE_CHANGED=0
else else
rm -rf "$TMPDIR" rm -rf $TMPDIR
fi fi
fi fi
if [ "${CERTS_CHANGED:-1}" = "0" ] || [ "${IMAGE_CHANGED:-1}" = "0" ]; then if [ -d "/tmp/ironic-certificates" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/ cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image"> <image schemaversion="7.4" name="openstack-ironic-image-301">
<description type="system"> <description type="system">
<author>Cloud developers</author> <author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact> <contact>cloud-devel@suse.de</contact>

6
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -148,8 +148,10 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR cd $TDIR
zstd initrdtmp -o initrd-%{_arch}.zst gzip -9 -f initrdtmp
INITRD=`ls *.zst | head -1` INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image* ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1` KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

6
kiwi-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1 #!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE% #!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0-%RELEASE%
FROM registry.suse.com/bci/kiwi:10.1.16 FROM registry.suse.com/bci/kiwi:10.1.16
MAINTAINER SUSE LLC (https://www.suse.com/) MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -12,7 +12,7 @@ LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.0"
LABEL org.openbuildservice.disturl="%DISTURL%" LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.eula="SUSE Combined EULA February 2024"

26
kiwi-builder-image/README
View File

@@ -2,13 +2,13 @@
Kiwi SDK Image Instructions Kiwi SDK Image Instructions
########################### ###########################
Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled: Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
# setenforce 0 # setenforce 0
Next, download the podman image: Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 # podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0
Make a local output directory (where the images will reside): Make a local output directory (where the images will reside):
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside):
Then, to build a standard "Base" image, run the following in podman: Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example: To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman: Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default
To build a "Default" SelfInstall ISO, you can add additional flags, for example: To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following: To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example: To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall -b
# mkdir mydefs/ # mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/ # cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/ # cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image # podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
All output will be in the local $(pwd)/output directory, for example: All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/ # ls -1 output/
SLE-Micro.x86_64-6.1.changes SLE-Micro.x86_64-6.0.changes
SLE-Micro.x86_64-6.1.packages SLE-Micro.x86_64-6.0.packages
SLE-Micro.x86_64-6.1.raw SLE-Micro.x86_64-6.0.raw
SLE-Micro.x86_64-6.1.verified SLE-Micro.x86_64-6.0.verified
build build
kiwi.result kiwi.result
kiwi.result.json kiwi.result.json

372
kiwi-builder-image/SL-Micro.kiwi
View File

@@ -33,12 +33,6 @@
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64"> <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64"> <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
@@ -69,21 +63,6 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x"> <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) --> <!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64"> <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/> <requires profile="full"/>
@@ -161,15 +140,6 @@
<requires profile="x86-rt-self_install"/> <requires profile="x86-rt-self_install"/>
<requires profile="self_install"/> <requires profile="self_install"/>
</profile> </profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x"> <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/> <requires profile="full"/>
<requires profile="s390-kvm"/> <requires profile="s390-kvm"/>
@@ -194,14 +164,6 @@
<requires profile="container-host"/> <requires profile="container-host"/>
<requires profile="s390-fba"/> <requires profile="s390-fba"/>
</profile> </profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64"> <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/> <requires profile="full"/>
<requires profile="x86-legacy"/> <requires profile="x86-legacy"/>
@@ -222,47 +184,10 @@
<requires profile="container-host"/> <requires profile="container-host"/>
<requires profile="aarch64-qcow"/> <requires profile="aarch64-qcow"/>
</profile> </profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles> </profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted"> <preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -273,7 +198,7 @@
initrd_system="dracut" initrd_system="dracut"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -286,7 +211,7 @@
luks_pbkdf="pbkdf2" luks_pbkdf="pbkdf2"
> >
<luksformat> <luksformat>
<option name="--cipher" value="aes-xts-plain64"/> <option name="--cipher" value="aes"/>
</luksformat> </luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" /> <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk> <systemdisk>
@@ -305,7 +230,7 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="x86,x86-rt"> <preferences profiles="x86,x86-rt">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -316,7 +241,7 @@
initrd_system="dracut" initrd_system="dracut"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -341,7 +266,7 @@
</preferences> </preferences>
<preferences profiles="x86-self_install,x86-rt-self_install"> <preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -351,12 +276,11 @@
image="oem" image="oem"
initrd_system="dracut" initrd_system="dracut"
installiso="true" installiso="true"
installpxe="true"
filesystem="btrfs" filesystem="btrfs"
installboot="install" installboot="install"
install_continue_on_timeout="false" install_continue_on_timeout="false"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -380,8 +304,8 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="rpi,aarch64-rt"> <preferences profiles="rpi">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -396,7 +320,7 @@
install_continue_on_timeout="false" install_continue_on_timeout="false"
fsmountoptions="noatime" fsmountoptions="noatime"
firmware="uefi" firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
@@ -420,8 +344,8 @@
</systemdisk> </systemdisk>
</type> </type>
</preferences> </preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install"> <preferences profiles="aarch64-self_install">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -431,13 +355,12 @@
image="oem" image="oem"
initrd_system="dracut" initrd_system="dracut"
installiso="true" installiso="true"
installpxe="true"
filesystem="btrfs" filesystem="btrfs"
installboot="install" installboot="install"
install_continue_on_timeout="false" install_continue_on_timeout="false"
firmware="uefi" firmware="uefi"
efipartsize="128" efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -462,22 +385,22 @@
</preferences> </preferences>
<preferences profiles="s390-kvm"> <preferences profiles="s390-kvm">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs> <rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale> <locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type <type
image="oem" image="oem"
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
format="qcow2" format="qcow2"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true" btrfs_root_is_readonly_snapshot="true"
@@ -500,7 +423,7 @@
<preferences profiles="s390-dasd"> <preferences profiles="s390-dasd">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -511,9 +434,9 @@
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
target_blocksize="4096" target_blocksize="4096"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
@@ -538,7 +461,7 @@
<preferences profiles="s390-fba"> <preferences profiles="s390-fba">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -549,9 +472,9 @@
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true" btrfs_root_is_readonly_snapshot="true"
@@ -572,47 +495,9 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware"> <preferences profiles="x86-vmware">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -647,7 +532,7 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="x86-qcow"> <preferences profiles="x86-qcow">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -658,7 +543,7 @@
format="qcow2" format="qcow2"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -684,7 +569,7 @@
</preferences> </preferences>
<preferences profiles="aarch64-qcow"> <preferences profiles="aarch64-qcow">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -696,7 +581,7 @@
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
efipartsize="128" efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -707,7 +592,7 @@
<systemdisk> <systemdisk>
<volume name="home"/> <volume name="home"/>
<volume name="root"/> <volume name="root"/>
<volume name="opt"/> <volume name="opt"/>
<volume name="srv"/> <volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/> <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/> <volume name="boot/writable"/>
@@ -718,161 +603,6 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" > <repository type="rpm-md" >
<source path='obsrepositories:/'/> <source path='obsrepositories:/'/>
</repository> </repository>
@@ -898,6 +628,7 @@
<package name="firewalld"/> <package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/> <package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/> <package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages> </packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted"> <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@@ -917,6 +648,8 @@
<package name="patterns-base-transactional"/> <package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/> <namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/> <package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/> <namedCollection name="selinux"/>
<package name="patterns-base-selinux"/> <package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/> <package name="suseconnect-ng"/>
@@ -980,8 +713,7 @@
<package name="grub2-x86_64-efi" arch="x86_64"/> <package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/> <package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/> <package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/> <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/> <package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/> <package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/> <package name="mokutil" arch="x86_64,aarch64"/>
@@ -989,44 +721,46 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead --> <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages> </packages>
<!-- rpi kernel-default-base does not provide all necessary drivers --> <!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install"> <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/> <package name="kernel-default"/>
<package name="kernel-firmware-all"/> <package name="kernel-firmware-all"/>
</packages> </packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install"> <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/> <package name="kernel-rt"/>
<package name="kernel-firmware-all"/> <package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream <!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> --> <package name="cpuset"/> -->
</packages> </packages>
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp"> <!-- makes the image build, but also include kernel-default
<package name="dracut-kiwi-oem-dump"/> <packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="blog"/> <package name="blog"/>
</packages> </packages>
<!-- FCP is usually used multipathed. --> <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/> <package name="dracut-kiwi-oem-dump"/>
</packages> </packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install"> <packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/> <package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/> <package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/> <package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/> <package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/> <package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/> <package name="wireless-regdb"/>
<package name="wireless-tools"/> <package name="wireless-tools"/>
<package name="wpa_supplicant"/> <package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/> <package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages> </packages>
<packages type="bootstrap"> <packages type="bootstrap">
<package name="filesystem"/>
<package name="coreutils"/> <package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/> <package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/> <package name="ca-certificates-mozilla"/>
</packages> </packages>
@@ -1040,14 +774,4 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow"> <packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/> <package name="qemu-guest-agent"/>
</packages> </packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image> </image>

371
kiwi-builder-image/SL-Micro.kiwi.4096
View File

@@ -33,12 +33,6 @@
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64"> <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64"> <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
@@ -69,21 +63,6 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x"> <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/> <requires profile="bootloader"/>
</profile> </profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) --> <!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64"> <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/> <requires profile="full"/>
@@ -161,15 +140,6 @@
<requires profile="x86-rt-self_install"/> <requires profile="x86-rt-self_install"/>
<requires profile="self_install"/> <requires profile="self_install"/>
</profile> </profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x"> <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/> <requires profile="full"/>
<requires profile="s390-kvm"/> <requires profile="s390-kvm"/>
@@ -194,14 +164,6 @@
<requires profile="container-host"/> <requires profile="container-host"/>
<requires profile="s390-fba"/> <requires profile="s390-fba"/>
</profile> </profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64"> <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/> <requires profile="full"/>
<requires profile="x86-legacy"/> <requires profile="x86-legacy"/>
@@ -222,47 +184,10 @@
<requires profile="container-host"/> <requires profile="container-host"/>
<requires profile="aarch64-qcow"/> <requires profile="aarch64-qcow"/>
</profile> </profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles> </profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted"> <preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -273,7 +198,7 @@
initrd_system="dracut" initrd_system="dracut"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -288,7 +213,7 @@
efipartsize="200" efipartsize="200"
> >
<luksformat> <luksformat>
<option name="--cipher" value="aes-xts-plain64"/> <option name="--cipher" value="aes"/>
</luksformat> </luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" /> <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk> <systemdisk>
@@ -307,7 +232,7 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="x86,x86-rt"> <preferences profiles="x86,x86-rt">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -318,7 +243,7 @@
initrd_system="dracut" initrd_system="dracut"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -345,7 +270,7 @@
</preferences> </preferences>
<preferences profiles="x86-self_install,x86-rt-self_install"> <preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -355,12 +280,11 @@
image="oem" image="oem"
initrd_system="dracut" initrd_system="dracut"
installiso="true" installiso="true"
installpxe="true"
filesystem="btrfs" filesystem="btrfs"
installboot="install" installboot="install"
install_continue_on_timeout="false" install_continue_on_timeout="false"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -386,8 +310,8 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="rpi,aarch64-rt"> <preferences profiles="rpi">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -402,7 +326,7 @@
install_continue_on_timeout="false" install_continue_on_timeout="false"
fsmountoptions="noatime" fsmountoptions="noatime"
firmware="uefi" firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
@@ -426,8 +350,8 @@
</systemdisk> </systemdisk>
</type> </type>
</preferences> </preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install"> <preferences profiles="aarch64-self_install">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -437,13 +361,12 @@
image="oem" image="oem"
initrd_system="dracut" initrd_system="dracut"
installiso="true" installiso="true"
installpxe="true"
filesystem="btrfs" filesystem="btrfs"
installboot="install" installboot="install"
install_continue_on_timeout="false" install_continue_on_timeout="false"
firmware="uefi" firmware="uefi"
efipartsize="128" efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -468,22 +391,22 @@
</preferences> </preferences>
<preferences profiles="s390-kvm"> <preferences profiles="s390-kvm">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs> <rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale> <locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type <type
image="oem" image="oem"
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
format="qcow2" format="qcow2"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true" btrfs_root_is_readonly_snapshot="true"
@@ -506,7 +429,7 @@
<preferences profiles="s390-dasd"> <preferences profiles="s390-dasd">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -517,9 +440,9 @@
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
target_blocksize="4096" target_blocksize="4096"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
@@ -544,7 +467,7 @@
<preferences profiles="s390-fba"> <preferences profiles="s390-fba">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -555,9 +478,9 @@
filesystem="btrfs" filesystem="btrfs"
bootpartition="true" bootpartition="true"
bootpartsize="300" bootpartsize="300"
bootfilesystem="ext4" bootfilesystem="ext2"
initrd_system="dracut" initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1" kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid" devicepersistency="by-uuid"
btrfs_root_is_snapshot="true" btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true" btrfs_root_is_readonly_snapshot="true"
@@ -578,47 +501,9 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware"> <preferences profiles="x86-vmware">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -653,7 +538,7 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="x86-qcow"> <preferences profiles="x86-qcow">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -664,7 +549,7 @@
format="qcow2" format="qcow2"
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -692,7 +577,7 @@
</preferences> </preferences>
<preferences profiles="aarch64-qcow"> <preferences profiles="aarch64-qcow">
<version>6.1</version> <version>6.0</version>
<packagemanager>zypper</packagemanager> <packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme> <bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme> <bootloader-theme>SLE</bootloader-theme>
@@ -704,7 +589,7 @@
filesystem="btrfs" filesystem="btrfs"
firmware="uefi" firmware="uefi"
efipartsize="128" efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu" kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false" bootpartition="false"
bootkernel="custom" bootkernel="custom"
devicepersistency="by-uuid" devicepersistency="by-uuid"
@@ -715,7 +600,7 @@
<systemdisk> <systemdisk>
<volume name="home"/> <volume name="home"/>
<volume name="root"/> <volume name="root"/>
<volume name="opt"/> <volume name="opt"/>
<volume name="srv"/> <volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/> <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/> <volume name="boot/writable"/>
@@ -726,161 +611,6 @@
</type> </type>
</preferences> </preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" > <repository type="rpm-md" >
<source path='obsrepositories:/'/> <source path='obsrepositories:/'/>
</repository> </repository>
@@ -925,6 +655,8 @@
<package name="patterns-base-transactional"/> <package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/> <namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/> <package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/> <namedCollection name="selinux"/>
<package name="patterns-base-selinux"/> <package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/> <package name="suseconnect-ng"/>
@@ -988,8 +720,7 @@
<package name="grub2-x86_64-efi" arch="x86_64"/> <package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/> <package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/> <package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/> <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/> <package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/> <package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/> <package name="mokutil" arch="x86_64,aarch64"/>
@@ -997,44 +728,46 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead --> <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages> </packages>
<!-- rpi kernel-default-base does not provide all necessary drivers --> <!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install"> <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/> <package name="kernel-default"/>
<package name="kernel-firmware-all"/> <package name="kernel-firmware-all"/>
</packages> </packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install"> <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/> <package name="kernel-rt"/>
<package name="kernel-firmware-all"/> <package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream <!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> --> <package name="cpuset"/> -->
</packages> </packages>
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp"> <!-- makes the image build, but also include kernel-default
<package name="dracut-kiwi-oem-dump"/> <packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="blog"/> <package name="blog"/>
</packages> </packages>
<!-- FCP is usually used multipathed. --> <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/> <package name="dracut-kiwi-oem-dump"/>
</packages> </packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install"> <packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/> <package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/> <package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/> <package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/> <package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/> <package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/> <package name="wireless-regdb"/>
<package name="wireless-tools"/> <package name="wireless-tools"/>
<package name="wpa_supplicant"/> <package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/> <package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages> </packages>
<packages type="bootstrap"> <packages type="bootstrap">
<package name="filesystem"/>
<package name="coreutils"/> <package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/> <package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/> <package name="ca-certificates-mozilla"/>
</packages> </packages>
@@ -1048,14 +781,4 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow"> <packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/> <package name="qemu-guest-agent"/>
</packages> </packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image> </image>

8
kiwi-builder-image/build-image.sh
View File

@@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Copyright (c) 2025 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# Permission is hereby granted, free of charge, to any person obtaining a copy # Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal # of this software and associated documentation files (the "Software"), to deal
@@ -27,9 +27,9 @@ LARGEBLOCK=false
# Print usage # Print usage
usage(){ usage(){
cat <<-EOF cat <<-EOF
===================================== ==============================
SUSE Linux Micro 6.1 Kiwi SDK Builder SLE Micro 6.0 Kiwi SDK Builder
===================================== ==============================
Usage: ${0} [-p <profile>] [-b] Usage: ${0} [-p <profile>] [-b]

27
kiwi-builder-image/config.sh
View File

@@ -35,6 +35,14 @@ mkdir /var/lib/misc/reconfig_system
#-------------------------------------- #--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..." echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# This is a workaround - someone,
# somewhere needs to load the xts crypto
# module, otherwise luksOpen will fail while
# creating the image.
#--------------------------------------
modprobe xts || true
#====================================== #======================================
# add missing fonts # add missing fonts
#-------------------------------------- #--------------------------------------
@@ -131,6 +139,9 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
rpm --import $i || true rpm --import $i || true
done done
# Temporary workaround for bsc#1212187
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
#====================================== #======================================
# Enable kubelet if installed # Enable kubelet if installed
#-------------------------------------- #--------------------------------------
@@ -159,18 +170,8 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
fi fi
# Enable multipathd for MP images # Enable jeos-firstboot if installed, disabled by combustion/ignition
if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then if rpm -q --whatprovides jeos-firstboot >/dev/null; then
systemctl enable multipathd.service
fi
# On those s390 targets the console is not capable of running jeos-firstboot,
# use systemd-firstboot as minimal alternative.
if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
systemctl enable systemd-firstboot
# Enable prompting for the root password
echo 'root:!unprovisioned' | chpasswd -e
elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
mkdir -p /var/lib/YaST2 mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system touch /var/lib/YaST2/reconfig_system
systemctl enable jeos-firstboot.service systemctl enable jeos-firstboot.service
@@ -280,7 +281,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
options smsc95xx turbo_mode=N options smsc95xx turbo_mode=N
EOF EOF
cat > /etc/sysctl.d/50-rpi3.conf <<-EOF cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
# Avoid running out of DMA pages for smsc95xx (bsc#1012449) # Avoid running out of DMA pages for smsc95xx (bsc#1012449)
vm.min_free_kbytes = 2048 vm.min_free_kbytes = 2048
EOF EOF

10
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2 #!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2-%RELEASE% #!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4-%RELEASE%
apiVersion: v2 apiVersion: v2
appVersion: 0.9.2 appVersion: 0.9.4
dependencies: dependencies:
- alias: metal3-baremetal-operator - alias: metal3-baremetal-operator
name: baremetal-operator name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic - alias: metal3-ironic
name: ironic name: ironic
repository: file://./charts/ironic repository: file://./charts/ironic
version: 0.9.1 version: 0.9.3
- alias: metal3-mariadb - alias: metal3-mariadb
condition: global.enable_mariadb condition: global.enable_mariadb
name: mariadb name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3 name: metal3
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.9.2" version: "%%CHART_MAJOR%%.0.0+up0.9.4"

6
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,7 +5,6 @@
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1 apiVersion: v1
data: data:
@@ -20,9 +19,8 @@ data:
{{- $protocol = "http" }} {{- $protocol = "http" }}
{{- end }} {{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images" CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel" DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs" DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: baremetal-operator-ironic name: baremetal-operator-ironic

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3 description: A Helm chart for Ironic, used by Metal3
name: ironic name: ironic
type: application type: application
version: 0.9.1 version: 0.9.3

6
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,7 +12,6 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }} {{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }} DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -40,9 +39,8 @@ data:
{{- end }} {{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }} IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }} IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }} IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}" ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

3
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -77,9 +77,6 @@ spec:
mountPath: "/certs/vmedia" mountPath: "/certs/vmedia"
readOnly: true readOnly: true
{{- end }} {{- end }}
- mountPath: /shared/html/tstcerts
name: cert-ironic-ca
readOnly: true
{{- end }} {{- end }}
- name: ironic-log-watch - name: ironic-log-watch
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }} image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}

2
metal3-chart/charts/ironic/values.yaml
View File

@@ -56,7 +56,7 @@ images:
ironic: ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 26.1.2.2 tag: 26.1.2.3
ironicIPADownloader: ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent pullPolicy: IfNotPresent

3
metal3-chart/values.yaml
View File

@@ -63,9 +63,6 @@ global:
# Name for the MariaDB service # Name for the MariaDB service
databaseServiceName: metal3-mariadb databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
deployArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods # In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP # all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the # and /opt/media exist. Uncomment the nodeSelector and update the

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
apiVersion: v2 apiVersion: v2
appVersion: 0.16.0 appVersion: 0.14.1
description: Rancher Turtles utility chart for airgap scenarios description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/ home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources name: rancher-turtles-airgap-resources
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0" version: "%%CHART_MAJOR%%.0.0+up0.14.1"

7
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

1426
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

File diff suppressed because it is too large Load Diff

46
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,6 +154,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -299,6 +300,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -437,6 +439,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -492,6 +495,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -578,20 +582,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -738,6 +742,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -888,6 +893,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1023,6 +1029,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1078,6 +1085,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1164,20 +1172,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -1218,7 +1226,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1361,6 +1369,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1514,6 +1523,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1654,6 +1664,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1709,6 +1720,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1908,6 +1920,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2066,6 +2079,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2203,6 +2217,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2258,6 +2273,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2527,7 +2543,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command: command:
- /manager - /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0 image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -2741,16 +2757,10 @@ data:
- major: 0 - major: 0
minor: 9 minor: 9
contract: v1beta1 contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.11.0 name: v0.9.0
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
labels: labels:
provider-components: rke2-bootstrap provider-components: rke2-bootstrap

90
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,6 +154,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -299,6 +300,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -416,6 +418,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -461,6 +464,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -533,6 +537,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -588,6 +593,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -721,6 +727,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -797,6 +804,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -927,6 +935,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -971,7 +980,6 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -985,6 +993,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1015,6 +1024,7 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron description: 'ScheduleCron Snapshot interval time in cron
@@ -1191,20 +1201,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -1377,6 +1387,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1527,6 +1538,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1628,7 +1640,6 @@ data:
description: |- description: |-
InfrastructureRef is a required reference to a custom resource InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider. offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -1642,6 +1653,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1692,6 +1704,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1729,7 +1742,7 @@ data:
additionalProperties: additionalProperties:
type: string type: string
description: |- description: |-
annotations is an unstructured key value map stored with a resource that may be Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects. queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations More info: http://kubernetes.io/docs/user-guide/annotations
@@ -1770,6 +1783,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1803,7 +1817,6 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations. The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string type: string
postRKE2Commands: postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after description: PostRKE2Commands specifies extra commands to run after
@@ -1843,6 +1856,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1898,6 +1912,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2028,6 +2043,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2104,6 +2120,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2234,6 +2251,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2278,7 +2296,6 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -2292,6 +2309,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2322,6 +2340,7 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron description: 'ScheduleCron Snapshot interval time in cron
@@ -2471,6 +2490,7 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string type: string
required: required:
- infrastructureRef
- rolloutStrategy - rolloutStrategy
type: object type: object
status: status:
@@ -2504,20 +2524,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -2589,7 +2609,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2776,6 +2796,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2934,6 +2955,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3036,7 +3058,6 @@ data:
description: |- description: |-
InfrastructureRef is a required reference to a custom resource InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider. offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -3050,6 +3071,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3100,6 +3122,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3137,7 +3160,7 @@ data:
additionalProperties: additionalProperties:
type: string type: string
description: |- description: |-
annotations is an unstructured key value map stored with a resource that may be Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects. queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations More info: http://kubernetes.io/docs/user-guide/annotations
@@ -3178,6 +3201,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3211,7 +3235,6 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations. The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string type: string
postRKE2Commands: postRKE2Commands:
description: PostRKE2Commands specifies extra commands to description: PostRKE2Commands specifies extra commands to
@@ -3252,6 +3275,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3307,6 +3331,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3441,6 +3466,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3519,6 +3545,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3652,6 +3679,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3696,7 +3724,6 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -3710,6 +3737,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3740,6 +3768,7 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time description: 'ScheduleCron Snapshot interval time
@@ -3898,6 +3927,7 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string type: string
required: required:
- infrastructureRef
- rolloutStrategy - rolloutStrategy
type: object type: object
required: required:
@@ -3937,20 +3967,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -4263,7 +4293,7 @@ data:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.uid fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0 image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -4318,7 +4348,7 @@ data:
volumes: volumes:
- name: cert - name: cert
secret: secret:
secretName: rke2-controlplane-webhook-service-cert secretName: rke2-control-plane-webhook-service-cert
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
@@ -4334,7 +4364,7 @@ data:
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: rke2-control-plane-selfsigned-issuer name: rke2-control-plane-selfsigned-issuer
secretName: rke2-controlplane-webhook-service-cert secretName: rke2-control-plane-webhook-service-cert
subject: subject:
organizations: organizations:
- Rancher by SUSE - Rancher by SUSE
@@ -4484,16 +4514,10 @@ data:
- major: 0 - major: 0
minor: 9 minor: 9
contract: v1beta1 contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.11.0 name: v0.9.0
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
labels: labels:
provider-components: rke2-control-plane provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cluster-api-operator - name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.16.0 version: 0.14.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70 digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
generated: "2025-01-30T10:14:58.692942399Z" generated: "2024-12-03T09:34:12.871417074Z"

8
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE% #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1-%RELEASE%
annotations: annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
catalog.cattle.io/scope: management catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
apiVersion: v2 apiVersion: v2
appVersion: 0.16.0 appVersion: 0.14.1
dependencies: dependencies:
- condition: cluster-api-operator.enabled - condition: cluster-api-operator.enabled
name: cluster-api-operator name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning - provisioning
name: rancher-turtles name: rancher-turtles
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0" version: "%%CHART_MAJOR%%.0.0+up0.14.1"

112
rancher-turtles-chart/questions.yml
View File

@@ -1,44 +1,78 @@
namespace: rancher-turtles-system namespace: rancher-turtles-system
questions: questions:
- variable: rancherTurtles.features.default - variable: rancherTurtles.features.default
default: "false" default: "false"
description: "Customize install settings" description: "Customize install settings"
label: Customize install settings label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.features.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
show_subquestion_if: true show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions: subquestions:
- variable: cluster-api-operator.cert-manager.enabled - variable: rancherTurtles.features.cluster-api-operator.kubectlImage
default: false default: "rancher/kubectl:v1.30.3"
type: boolean description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually" type: string
label: "Enable Cert Manager" label: Cleanup Image
- variable: rancherTurtles.cluster-api-operator.cleanup group: "CAPI Operator cleanup settings"
default: true - variable: rancherTurtles.features.rancher-webhook.cleanup
description: "Specify that the CAPI Operator post-delete cleanup job will be performed" default: true
type: boolean description: "Specify that the Rancher embedded cluster api webhooks should be removed"
label: Cleanup CAPI Operator installation type: boolean
group: "CAPI Operator cleanup settings" label: Cleanup Rancher Embedded CAPI Webhooks
- variable: cluster-api-operator.cluster-api.rke2.enabled group: "Rancher webhook cleanup settings"
default: "true" show_subquestion_if: true
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled." subquestions:
label: "Enable RKE2 Provider" - variable: rancherTurtles.features.rancher-webhook.kubectlImage
type: boolean default: "rancher/kubectl:v1.30.3"
- variable: rancherTurtles.features.addon-provider-fleet.enabled description: "Specify the image to use when cleaning up the webhooks"
default: false type: string
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles" label: Webhook Cleanup Image
type: boolean group: "Rancher webhook cleanup settings"
label: Seamless integration with Fleet and CAPI - variable: rancherTurtles.features.rancher-kubeconfigs.label
group: "Rancher Turtles Features Settings" default: false
- variable: rancherTurtles.features.agent-tls-mode.enabled description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
default: false type: boolean
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters" label: Label Rancher Kubeconfigs
type: boolean group: "Rancher Turtles Features Settings"
label: Enable Agent TLS Mode - variable: rancherTurtles.features.managementv3-cluster.enabled
group: "Rancher Turtles Features Settings" default: true
- variable: rancherTurtles.kubectlImage description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
default: "registry.suse.com/edge/3.2/kubectl:1.30.3" type: boolean
description: "Specify the image to use when running kubectl in jobs" label: Use management v3 cluster manifest
type: string group: "Rancher Turtles Features Settings"
label: Kubectl Image - variable: rancherTurtles.features.managementv3-cluster-migration.enabled
group: "Rancher Turtles Features Settings" default: false
description: "Automatically migrate between provisioning and management clusters on upgrade"
type: boolean
label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.propagate-labels.enabled
default: false
description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
type: boolean
label: Propagate CAPI Labels
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"

7
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -35,17 +35,10 @@ data:
cluster: cluster:
patchResource: true patchResource: true
setOwnerReferences: true setOwnerReferences: true
hostNetwork: true
selector: selector:
matchLabels: matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true" cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true" cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }} {{- end }}

4
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }} {{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -55,7 +55,7 @@ spec:
serviceAccountName: pre-upgrade-job serviceAccountName: pre-upgrade-job
containers: containers:
- name: rancher-clusterctl-configmap-cleanup - name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args: args:
- delete - delete
- configmap - configmap

6
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers: containers:
- args: - args:
- --leader-elect - --leader-elect
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}} - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
{{- range .Values.rancherTurtles.managerArguments }} {{- range .Values.rancherTurtles.managerArguments }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -67,10 +67,10 @@ spec:
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 256Mi memory: 128Mi
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 64Mi
serviceAccountName: rancher-turtles-manager serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
tolerations: tolerations:

2
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@@ -22,7 +22,7 @@ metadata:
spec: spec:
providers: providers:
- name: metal3 - name: metal3
url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml" url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
type: InfrastructureProvider type: InfrastructureProvider
--- ---
apiVersion: turtles-capi.cattle.io/v1alpha1 apiVersion: turtles-capi.cattle.io/v1alpha1

18
rancher-turtles-chart/templates/post-delete-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "cluster-api-operator" "cleanup" }} {{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -41,7 +41,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: post-delete-job name: post-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: post-delete-job-delete-webhooks name: post-delete-job-delete-webhooks
@@ -62,7 +62,7 @@ spec:
serviceAccountName: post-delete-job serviceAccountName: post-delete-job
containers: containers:
- name: cluster-api-operator-mutatingwebhook-cleanup - name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -90,7 +90,7 @@ spec:
serviceAccountName: post-delete-job serviceAccountName: post-delete-job
containers: containers:
- name: cluster-api-operator-validatingwebhook-cleanup - name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -119,7 +119,7 @@ spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: delete-capi-controller-manager - name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -128,7 +128,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager - name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -137,7 +137,7 @@ spec:
- capi-kubeadm-bootstrap-system - capi-kubeadm-bootstrap-system
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager - name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -146,7 +146,7 @@ spec:
- capi-kubeadm-control-plane-system - capi-kubeadm-control-plane-system
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager - name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -155,7 +155,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager - name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete

20
rancher-turtles-chart/templates/post-upgrade-job.yaml
View File

@@ -1,9 +1,10 @@
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: post-upgrade-job name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
annotations: annotations:
"helm.sh/hook": post-upgrade "helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@@ -23,6 +24,13 @@ rules:
verbs: verbs:
- list - list
- delete - delete
- apiGroups:
- management.cattle.io
resources:
- clusters
verbs:
- list
- delete
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -34,7 +42,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: post-upgrade-job name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: post-upgrade-job-delete-clusters name: post-upgrade-job-delete-clusters
@@ -44,7 +52,6 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: post-upgrade-delete-clusters name: post-upgrade-delete-clusters
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": post-upgrade "helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -55,12 +62,17 @@ spec:
serviceAccountName: post-upgrade-job serviceAccountName: post-upgrade-job
containers: containers:
- name: post-upgrade-delete-clusters - name: post-upgrade-delete-clusters
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args: args:
- delete - delete
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
- clusters.provisioning.cattle.io - clusters.provisioning.cattle.io
{{- else }}
- clusters.management.cattle.io
{{- end }}
- --selector=cluster-api.cattle.io/owned - --selector=cluster-api.cattle.io/owned
- -A - -A
- --ignore-not-found=true - --ignore-not-found=true
- --wait - --wait
restartPolicy: OnFailure restartPolicy: OnFailure
{{- end }}

10
rancher-turtles-chart/templates/pre-delete-job.yaml
View File

@@ -1,10 +1,10 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }} {{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: pre-delete-job name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
annotations: annotations:
"helm.sh/hook": pre-delete "helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2" "helm.sh/hook-weight": "-2"
@@ -35,7 +35,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pre-delete-job name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: pre-delete-job-delete-capiproviders name: pre-delete-job-delete-capiproviders
@@ -45,7 +45,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-capiprovider-cleanup name: rancher-capiprovider-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
annotations: annotations:
"helm.sh/hook": pre-delete "helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1" "helm.sh/hook-weight": "-1"
@@ -56,7 +56,7 @@ spec:
serviceAccountName: pre-delete-job serviceAccountName: pre-delete-job
containers: containers:
- name: rancher-capiprovider-cleanup - name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args: args:
- delete - delete
- capiproviders - capiproviders

14
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@@ -1,3 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}} {{- if index .Values "rancherTurtles" "rancherInstalled"}}
--- ---
apiVersion: management.cattle.io/v3 apiVersion: management.cattle.io/v3
@@ -10,13 +11,14 @@ metadata:
spec: spec:
value: false value: false
{{- end }} {{- end }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }} {{- end }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: pre-install-job name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@@ -47,7 +49,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pre-install-job name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}' namespace: rancher-turtles-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: pre-install-job-delete-webhooks name: pre-install-job-delete-webhooks
@@ -57,7 +59,6 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-mutatingwebhook-cleanup name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -68,7 +69,7 @@ spec:
serviceAccountName: pre-install-job serviceAccountName: pre-install-job
containers: containers:
- name: rancher-mutatingwebhook-cleanup - name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args: args:
- delete - delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io - mutatingwebhookconfigurations.admissionregistration.k8s.io
@@ -80,7 +81,6 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-validatingwebhook-cleanup name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -91,7 +91,7 @@ spec:
serviceAccountName: pre-install-job serviceAccountName: pre-install-job
containers: containers:
- name: rancher-validatingwebhook-cleanup - name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args: args:
- delete - delete
- validatingwebhookconfigurations.admissionregistration.k8s.io - validatingwebhookconfigurations.admissionregistration.k8s.io

345
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

File diff suppressed because it is too large Load Diff

90
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
View File

@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io name: etcdmachinesnapshots.turtles-capi.cattle.io
@@ -116,7 +116,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io name: etcdsnapshotrestores.turtles-capi.cattle.io
@@ -195,20 +195,20 @@ spec:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty. This field may not be empty.
type: string type: string
severity: severity:
description: |- description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: status of the condition, one of True, False, Unknown. description: Status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
type of condition in CamelCase or in foo.example.com/CamelCase. Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -235,7 +235,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1 controller-gen.kubebuilder.io/version: v0.14.0
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@@ -438,7 +438,29 @@ rules:
- cluster.x-k8s.io - cluster.x-k8s.io
resources: resources:
- clusters - clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status - clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines - machines
verbs: verbs:
- create - create
@@ -477,8 +499,6 @@ rules:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots - etcdmachinesnapshots
- etcdsnapshotrestores
- rke2etcdmachinesnapshotconfigs
verbs: verbs:
- create - create
- delete - delete
@@ -491,15 +511,63 @@ rules:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots/finalizers - etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs: verbs:
- update - update
- apiGroups: - apiGroups:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots/status - etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status - etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/status - rke2etcdmachinesnapshotconfigs/status
verbs: verbs:
- get - get

38
rancher-turtles-chart/values.yaml
View File

@@ -1,24 +1,35 @@
rancherTurtles: rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0 imageVersion: v0.14.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system namespace: rancher-turtles-system
managerArguments: [] managerArguments: []
imagePullSecrets: [] imagePullSecrets: []
rancherInstalled: false rancherInstalled: true
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features: features:
cluster-api-operator:
cleanup: true
kubectlImage: rancher/kubectl:v1.30.3
embedded-capi:
disabled: false
rancher-webhook:
cleanup: false
kubectlImage: rancher/kubectl:v1.30.3
rancher-kubeconfigs:
label: false
managementv3-cluster:
enabled: true
managementv3-cluster-migration:
enabled: false
propagate-labels:
enabled: false
etcd-snapshot-restore: etcd-snapshot-restore:
enabled: false enabled: false
image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0 imageVersion: v0.14.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
# beta feature, see documentation for more information on feature stages
addon-provider-fleet: addon-provider-fleet:
enabled: false enabled: false
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
cluster-api-operator: cluster-api-operator:
enabled: true enabled: true
cert-manager: cert-manager:
@@ -42,7 +53,6 @@ cluster-api-operator:
- mountPath: /config - mountPath: /config
name: clusterctl-config name: clusterctl-config
readOnly: true readOnly: true
cleanup: true
cluster-api: cluster-api:
enabled: true enabled: true
configSecret: configSecret:
@@ -50,34 +60,30 @@ cluster-api-operator:
defaultName: capi-env-variables defaultName: capi-env-variables
core: core:
namespace: capi-system namespace: capi-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
rke2: rke2:
enabled: true enabled: true
version: ""
bootstrap: bootstrap:
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
controlPlane: controlPlane:
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
metal3: metal3:
enabled: true enabled: true
version: "v1.9.2" version: "v1.8.2"
infrastructure: infrastructure:
namespace: capm3-system namespace: capm3-system
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2" imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2"
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
ipam: ipam:
namespace: capm3-system namespace: capm3-system
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3" imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1"

6
release-manifest-image/release_manifest.yaml
View File

@@ -96,12 +96,12 @@ spec:
- prettyName: Longhorn - prettyName: Longhorn
releaseName: longhorn releaseName: longhorn
chart: longhorn chart: longhorn
version: 105.1.0+up1.7.2 version: 105.1.1+up1.7.3
repository: https://charts.rancher.io repository: https://charts.rancher.io
dependencyCharts: dependencyCharts:
- releaseName: longhorn-crd - releaseName: longhorn-crd
chart: longhorn-crd chart: longhorn-crd
version: 105.1.0+up1.7.2 version: 105.1.1+up1.7.3
repository: https://charts.rancher.io repository: https://charts.rancher.io
- prettyName: MetalLB - prettyName: MetalLB
releaseName: metallb releaseName: metallb
@@ -170,7 +170,7 @@ spec:
- prettyName: Metal3 - prettyName: Metal3
releaseName: metal3 releaseName: metal3
chart: %%CHART_REPO%%/%%IMG_PREFIX%%metal3-chart chart: %%CHART_REPO%%/%%IMG_PREFIX%%metal3-chart
version: %%CHART_MAJOR%%.0.0+up0.9.0 version: %%CHART_MAJOR%%.0.0+up0.9.4
- prettyName: RancherTurtles - prettyName: RancherTurtles
releaseName: rancher-turtles releaseName: rancher-turtles
chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart

BIN
shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm
View File

Binary file not shown.

BIN
shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm
View File

Binary file not shown.

1099
shim-noarch/shim.changes
View File

File diff suppressed because it is too large Load Diff

90
shim-noarch/shim.spec
View File

@@ -1,90 +0,0 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog